From nobody Wed Aug 9 07:41:07 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RLMT36DPlz4mM0l for ; Wed, 9 Aug 2023 07:41:59 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature ECDSA (P-256) client-digest SHA256) (Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RLMT24llsz4WdX for ; Wed, 9 Aug 2023 07:41:58 +0000 (UTC) (envelope-from Alexander@Leidinger.net) Authentication-Results: mx1.freebsd.org; none Received: from remote (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: Alexander@Leidinger.net) by outgoing.leidinger.net (Postfix) with ESMTPSA id 7604C68E; Wed, 9 Aug 2023 09:41:08 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net; s=outgoing-alex; t=1691566904; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=+70hdErTi41IJ14KdP4ASzM4dyi/zPPUEKrTRHRhPH0=; b=zfpcE4wgsu38l9zlNhT8jSMrSmpKMwqds+5W8w0ddbmCK/JeU5OHTTx/vu+xPKsdrdIaqm GRBkZu+t8/ZAWvJcxDXxpjNpysQcHI13/Pwd6TWUHcMYZBHFi3eBMjzcz7zO1xzTQr0wNX jkqGz93+4nIlYvcSmE8FHiGiCLgZPyVq8vz5kTpVMI3JfAFewC6LQvMvYLNpUjogOnLlG3 wbUjfHFZAwjuLULyvdqTGXvlk5kHOcph589QW5z7x7BIRmekbqTHXeYHN2dpiOitwM59Zi UtyKpd6pWdARyq9g35ZDqDJsLBwzDjF8s8LWV3lJmmEllXTHK0Rw1wUOtkYelQ== From: Alexander Leidinger To: Stefan Bethke , Date: Wed, 09 Aug 2023 09:41:07 +0200 Message-ID: <189d93e0238.2805.fa4b1493b064008fe79f0f905b8e5741@Leidinger.net> In-Reply-To: References: Subject: Re: Downfall microcode update List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="189d93e03245ded2805a8ef6d0" X-Rspamd-Queue-Id: 4RLMT24llsz4WdX X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE] This is a multi-part message in MIME format. --189d93e03245ded2805a8ef6d0 Content-Type: text/plain; format=flowed; charset="us-ascii" Content-Transfer-Encoding: 8bit Hi, The real microcode is in sysutils/devcpu-data-intel and updated much more recently. You can load the microcode from loader, or from a rc.d service. Bye, Alexander. -- Send from a mobile device, please forgive brevity and misspellings. Am 9. August 2023 09:33:06 schrieb Stefan Bethke : > https://downfall.page/#faq > > Apparently, Intel will be issuing a microcode update for this. What is the > recommended way to automatically apply these during boot? I see that I have > cpupdate-g20180513_4 installed, which appears to be maintained despite the > scarily old date in the version number :-) > https://www.freshports.org/sysutils/cpupdate/ > > The servers I'm concerned about are old enough to not receive BIOS updates > ever again. > > > Thanks, > Stefan > > -- > Stefan Bethke Fon +49 151 14070811 --189d93e03245ded2805a8ef6d0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable
Hi, 

The real microcode is in sysutils/devcpu-data-intel and updated much mo= re recently. 

You c= an load the microcode from loader, or from a rc.d service. 

Bye, 
= Alexander. 

-- 
Send from a mobile device, please forgive brevity and misspell= ings.

Am 9. August 2023 09:33:06 schrieb Stefan Bethke <stb@= lassitu.de>:

https://downfall.page/#faq

Apparently, Intel will be issuing a microcode update for = this. What is the recommended way to automatically apply these during boot?= I see that I have cpupdate-g20180513_4 installed, which appears to be main= tained despite the scarily old date in the version number :-) https://www.f= reshports.org/sysutils/cpupdate/

The servers I'm concerned about are old enough to not rec= eive BIOS updates ever again.


Thanks,
Stefan

--
Stefan Bethke <stb@lassitu.de>   Fon +49 151 1= 4070811

--189d93e03245ded2805a8ef6d0--